SecurityIdentitiesActions.ReadWrite.All

Permission Details

Application Permission

Read and perform all identity security available actions

Allows the app to read and write identity security available actions without a signed-in user.

Permission ID: af2bf46f-7bf1-4be3-8bad-e17e279e8462

Delegated Permission

Read and perform identity security available actions

Allows the app to read and write identity security available actions on behalf of the signed-in identity.

Permission ID: 818229ce-20e4-47bd-92f4-bc94dbb37a56

Properties

Microsoft Graph v1.0 endpoint-derived-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property	Type	Description
`alerts`	`alert collection`
`alerts_v2`	`security.alert collection`	A collection of alerts in Microsoft 365 Defender.
`attackSimulation`	`object`
`cases`	`object`
`dataSecurityAndGovernance`	`object`
`id`	`string`	The unique identifier for an entity. Read-only.
`identities`	`object`	A container for security identities APIs.
`incidents`	`security.incident collection`	A collection of incidents in Microsoft 365 Defender, each of which is a set of correlated alerts and associated metadata that reflects the story of an attack.
`labels`	`object`
`secureScoreControlProfiles`	`secureScoreControlProfile collection`
`secureScores`	`secureScore collection`
`subjectRightsRequests`	`subjectRightsRequest collection`
`threatIntelligence`	`object`
`triggers`	`object`
`triggerTypes`	`object`

JSON Representation

Microsoft Graph v1.0 endpoint-derived-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation

{}

Relationships

Microsoft Graph v1.0 endpoint-derived-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship	Type	Description
`alerts`	`alert collection`	Read-only. Nullable.
`alertsv2`	`security.alert collection`	A collection of alerts in Microsoft 365 Defender.
`data security and compliance`	`tenantDataSecurityAndGovernance`	A container for Microsoft Purview data security and compliance APIs.
`identities`	`security.identityContainer`	A container for security identities APIs.
`incidents`	`security.incident collection`	A collection of incidents in Microsoft 365 Defender, each of which is a set of correlated alerts and associated metadata that reflects the story of an attack.
`alerts_v2`	`security.alert collection`	A collection of alerts in Microsoft 365 Defender.
`secureScoreControlProfiles`	`secureScoreControlProfile collection`	Related secureScoreControlProfiles data exposed by this resource.
`secureScores`	`secureScore collection`	Related secureScores data exposed by this resource.
`subjectRightsRequests`	`subjectRightsRequest collection`	Related subjectRightsRequests data exposed by this resource.
`cloudAppSecurityProfiles`	`cloudAppSecurityProfile collection`	Related cloudAppSecurityProfiles data exposed by this resource.
`domainSecurityProfiles`	`domainSecurityProfile collection`	Related domainSecurityProfiles data exposed by this resource.
`fileSecurityProfiles`	`fileSecurityProfile collection`	Related fileSecurityProfiles data exposed by this resource.
`hostSecurityProfiles`	`hostSecurityProfile collection`	Related hostSecurityProfiles data exposed by this resource.
`incidentTasks`	`security.incidentTask collection`	A collection of tasks associated with security incidents.
`ipSecurityProfiles`	`ipSecurityProfile collection`	Related ipSecurityProfiles data exposed by this resource.
`providerTenantSettings`	`providerTenantSetting collection`	Related providerTenantSettings data exposed by this resource.
`securityActions`	`securityAction collection`	Related securityActions data exposed by this resource.
`tiIndicators`	`tiIndicator collection`	Related tiIndicators data exposed by this resource.
`userSecurityProfiles`	`userSecurityProfile collection`	Related userSecurityProfiles data exposed by this resource.
`zones`	`security.zone collection`	A collection of cloud zones in Microsoft Defender for Cloud that group and manage cloud environments across multiple cloud providers.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
POST `/security/identities/identityAccounts/{identityAccountsId}/invokeAction`

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
POST `/security/identities/identityAccounts/{identityAccountsId}/invokeAction`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Invoke-MgInvokeSecurityIdentityAccountAction` /security/identities/identityAccounts/{identityAccountsId}/invokeAction identityAccounts: invokeAction

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Invoke-MgBetaInvokeSecurityIdentityAccountAction` /security/identities/identityAccounts/{identityAccountsId}/invokeAction identityAccounts: invokeAction

Code Examples

C# / .NET SDK

identityAccounts: invokeAction

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Security.Identities.IdentityAccounts.Item.MicrosoftGraphSecurityInvokeAction;
using Microsoft.Graph.Models.Security;

var requestBody = new InvokeActionPostRequestBody
{
	AccountId = "256db173-930a-4991-9061-0d51a9a93ba5",
	Action = ActionObject.Disable,
	IdentityProvider = IdentityProvider.ActiveDirectory,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.Identities.IdentityAccounts["{identityAccounts-id}"].MicrosoftGraphSecurityInvokeAction.PostAsync(requestBody);

JavaScript

identityAccounts: invokeAction

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

const invokeActionResult = {
  accountId: '256db173-930a-4991-9061-0d51a9a93ba5',
  action: 'disable',
  identityProvider: 'activeDirectory'
};

await client.api('/security/identities/identityAccounts/0104216-0539-4838-88b1-55baafdc296b/invokeAction')
	.post(invokeActionResult);

PowerShell

identityAccounts: invokeAction

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Security

$params = @{
	accountId = "256db173-930a-4991-9061-0d51a9a93ba5"
	action = "disable"
	identityProvider = "activeDirectory"
}

Invoke-MgInvokeSecurityIdentityAccountAction -IdentityAccountsId $identityAccountsId -BodyParameter $params

Python

identityAccounts: invokeAction

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.security.identities.identityaccounts.item.microsoft_graph_security_invoke_action.invoke_action_post_request_body import InvokeActionPostRequestBody
from msgraph.generated.models.action import Action
from msgraph.generated.models.identity_provider import IdentityProvider
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = InvokeActionPostRequestBody(
	account_id = "256db173-930a-4991-9061-0d51a9a93ba5",
	action = Action.Disable,
	identity_provider = IdentityProvider.ActiveDirectory,
)

result = await graph_client.security.identities.identity_accounts.by_identity_accounts_id('identityAccounts-id').microsoft_graph_security_invoke_action.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for SecurityIdentitiesActions.ReadWrite.All

4

Grant Admin Consent

Application permissions always require admin consent.